NT OBJECTives Releases Hackazon, First Open-Source Vulnerable Web Application to Reflect Today’s Rich Client Interfaces, Mobile and Web Services Application Technologies

Share Article

Hackazon is the first vulnerable test application with AJAX and RESTful interfaces, strict workflows, and a companion mobile app, providing uniquely-effective training and testing ground for IT security professionals.

NT OBJECTives releases Hackazon, the first open-source vulnerable web application to reflect today’s rich client interfaces, mobile and web services application technologies.
Hackazon is a unique open-source training and testing tool, available to the IT industry and will ultimately be donated to OWASP.

NT OBJECTives, Inc., the industry’s leading provider of automated, comprehensive and accurate web application security solutions, recently announced the release of the first open-source vulnerable web application built with web 2.0 and mobile client technologies. Hackazon is a vulnerable test application site, or a “fake app,” that replicates an online storefront with full functionality and technology commonly used in today’s applications, including a mobile component. Hackazon is a unique open-source training and testing tool, available to the IT industry and will ultimately be donated to OWASP.

IT security professionals have long needed a vulnerable test application that enables them to train their teams to secure modern web and mobile applications, including rapidly-expanding web services. Traditionally, test applications have been used by the industry to enable penetration testers to build skills and to evaluate testing tools. However, the vulnerable test applications currently available (WebGoat, DVWA and Hacme Casino) do not reflect today’s app technologies. Hackazon was built to fill the void between today’s applications and yesterday’s vulnerable test ones.

Dan Kuykendall, co-CEO and CTO of NT OBJECTives, who helmed the development of the ground-breaking open-source vulnerable web application, says, “Hackazon is something the industry desperately needs. Security testing is a coverage game. When large portions of applications go untested, there is too much unknown risk – and unknown risk is what keeps security professionals up at night. Security teams today are responsible for mobile applications, rich client interfaces and RESTful interfaces that are too frequently going untested. It’s time for that to change.”

To serve as such an innovative and useful vulnerable test application, Hackazon incorporates a variety of features and modern technologies, including a combination of AJAX and RESTful interface technologies such as JSON, XML, Google Web Toolkit, and Adobe Messaging Format. Plus, each vulnerable area is configurable, so users can adjust the vulnerability landscape to prevent “known vuln testing” or any other shortcuts. Additionally, the web service provides authentication and full shopping services, and the shopping cart checkout process includes vulnerabilities that can only be found when properly following the expected workflow. Finally, this open-source vulnerable web application also has a companion mobile app, which uses RESTful JSON application program interfaces to view products and process a purchase.

In order to find all the vulnerabilities that exist in Hackazon, security professionals and web scanners will need to sharpen their abilities to move beyond web 1.0 and into the modern age of AJAX mobile and web services. Of the vulnerable test application, Kuykendall added, “This is something that we built for the industry. I want to encourage developers and security experts to begin contributing to the application, adding additional functionality and vulnerabilities.”

Kuykendall will be presenting “Hackazon - Stop Hacking Like its 1999” during OWASP AppSec California Wednesday, January 28 at 11:30am at the Annenberg Community Beach House, 415 Pacific Coast Hwy, Santa Monica, CA 90402. To attend this talk, register for AppSec California.

To download Hackazon, please visit http://www.ntobjectives.com/hackazon/. For more information about this unique open-source vulnerable web application, contact NT OBJECTives at http://www.ntobjectives.com/company/contact/.

About NT OBJECTives, Inc.

NT OBJECTives, Inc. (NTO) is a provider of most automated, comprehensive and accurate web application security software, services and SaaS. NTO’s customizable suite of solutions includes application security testing, SaaS scanning and in-depth consulting services to help companies build the most comprehensive, efficient and accurate web application security program. NT OBJECTives is privately held with headquarters in Irvine, CA. For more information, visit http://www.ntobjectives.com or follow us on Twitter at @ntobjectives or @dan_kuykendall.

Share article on socal media or email:

View article via:

Pdf Print

Contact Author

Kim Dinerman
NTObjectives
+1 877-686-9327 Ext: 3
Email >
Visit website